WO2019010421A1 - Systèmes et procédés de génération de clés cryptographiques symmétriques - Google Patents
Systèmes et procédés de génération de clés cryptographiques symmétriques Download PDFInfo
- Publication number
- WO2019010421A1 WO2019010421A1 PCT/US2018/041098 US2018041098W WO2019010421A1 WO 2019010421 A1 WO2019010421 A1 WO 2019010421A1 US 2018041098 W US2018041098 W US 2018041098W WO 2019010421 A1 WO2019010421 A1 WO 2019010421A1
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- host machine
- message
- seed
- data
- dynamic
- Prior art date
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0861—Generation of secret information including derivation or calculation of cryptographic keys or passwords
- H04L9/0869—Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3236—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions
- H04L9/3242—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions involving keyed hash functions, e.g. message authentication codes [MACs], CBC-MAC or HMAC
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
- H04L63/0435—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply symmetric encryption, i.e. same key used for encryption and decryption
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/06—Network architectures or network communication protocols for network security for supporting key management in a packet data network
- H04L63/061—Network architectures or network communication protocols for network security for supporting key management in a packet data network for key exchange, e.g. in peer-to-peer networks
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0816—Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
- H04L9/0819—Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
- H04L9/0822—Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) using key encryption key
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0816—Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
- H04L9/0819—Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
- H04L9/0827—Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) involving distinctive intermediate devices or communication paths
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0861—Generation of secret information including derivation or calculation of cryptographic keys or passwords
- H04L9/0866—Generation of secret information including derivation or calculation of cryptographic keys or passwords involving user or device identifiers, e.g. serial number, physical or biometrical information, DNA, hand-signature or measurable physical characteristics
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0861—Generation of secret information including derivation or calculation of cryptographic keys or passwords
- H04L9/0872—Generation of secret information including derivation or calculation of cryptographic keys or passwords using geo-location information, e.g. location data, time, relative position or proximity to other entities
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0861—Generation of secret information including derivation or calculation of cryptographic keys or passwords
- H04L9/0877—Generation of secret information including derivation or calculation of cryptographic keys or passwords using additional device, e.g. trusted platform module [TPM], smartcard, USB or hardware security module [HSM]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L2463/00—Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00
- H04L2463/061—Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00 applying further key derivation, e.g. deriving traffic keys from a pair-wise master key
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/12—Applying verification of the received information
- H04L63/126—Applying verification of the received information the source of the received data
Definitions
- Cryptography enables communication of confidential information in untrusted environments. To ensure confidentiality, information is often transmitted in the form of ciphertext, generated with ciphers using cryptographic keys.
- Symmetric-key cryptography is often the preferred method of secret communication due to its performance advantages over asymmetric, or public-key, cryptography.
- a fundamental problem with symmetric-key cryptography is how to initially generate and establish a key agreed upon between the communicators.
- asymmetric-key cryptography is how to initially generate and establish a key agreed upon between the communicators.
- asymmetric techniques rely on slow and complex operations, such as arithmetic exponentiation and querying certificate authorities for public keys.
- asymmetric operations are often not quantum resistant, as efficient algorithms exist for quantum computers to break asymmetric ciphers like RSA and asymmetric key exchanges like Diffie-Helman.
- Features of a methodology according to embodiments of the present invention can (1) establish confidential communication channels by generating symmetric-cryptographic keys limited to particular times, geographies, devices, or sets of devices, (2) initially generate a secret key without sending any data between hosts, (3) only transmit ciphertexts between hosts, and (4) never store secret keys except temporarily, in volatile memory, during the brief window between generation of a key and encryption/decryption.
- the methodology described herein has as its applications any communications that could benefit from symmetric-key cryptography, including, for example, communications between: (1) mobile phones and cell towers, (2) VOIP (voice over IP), or VPN (virtual private network), clients and servers, (3) FM (instant messaging), or email, clients and servers, (4) smart thermostats, or other devices in the smart-grid, and power-grid routers, (5) financial institutions (banks, credit unions, brokerage firms, payment devices, etc.), (6) credit cards and credit-card readers, (7) child monitors (cameras or microphones) and their parents' devices, (8) radio transmitters and receivers using frequency hopping; the generated keys may determine the channel at which to operate, (9) Internet-of-things devices, and (10) any other networked devices.
- Embodiments of the invention include the following components:
- o pairs of devices, or sets of devices can generate keys that are secret from other devices.
- Devices also capable of forming dynamic seeds from one or more sensed signals or auxiliary data.
- a key -generation (keygen) function that inputs a static seed and a dynamic seed and outputs a cryptographic key.
- the first three protocols describe embodiments in which devices generate keys on demand and provide those keys to host machines, so host machines can perform encryption and decryption operations.
- the latter three protocols describe embodiments in which devices generate keys on demand but then use those keys to perform encryption and decryption operations for the host machines.
- the invention provides a system for generating symmetric cryptographic keys.
- the system comprises a first host machine and a first device in communication with the first host machine.
- the first device is configured to receive a message from the first host machine indicating an intent to communicate with a second host machine, generate a secret key based on a static seed and a dynamic seed, the dynamic seed created from sensor data or auxiliary data, encrypt an identifier for the first host machine, or its associated device, using the static seed, to generate an encrypted identifier message, and transmit the encrypted identifier message and the secret key to the first host machine to enable the first host machine to encrypt a plaintext message using the secret key and to transmit the encrypted identifier message and the encrypted plaintext message to the second host machine.
- the invention provides a system for generating symmetric cryptographic keys.
- the system comprises a first host machine and a first device in communication with the first host machine.
- the first device is configured to receive a message from the first host machine indicating an intent to communicate with a second host machine and a plain text message to be encrypted, generate a secret key based on a static seed and a dynamic seed, the dynamic seed created from sensor data or auxiliary data, encrypt an identifier for the first host machine, or its associated device, using the static seed, to generate an encrypted identifier message, encrypt the plaintext message using the secret key, and transmit the encrypted identifier message and the encrypted plaintext message to the first host machine.
- FIG. 1 illustrates a flow diagram for generating symmetric keys.
- Secret keys (KA B ) depend on a given static seed (SA B ) and dynamic seed (D).
- FIG. 2 illustrates a first communication protocol
- FIG. 3 illustrates a second communication protocol
- FIG. 4 illustrates a third communication protocol.
- FIG. 5 illustrates a fourth communication protocol.
- FIG. 6 illustrates a fifth communication protocol.
- FIG. 7 illustrates a sixth communication protocol.
- the invention relates to communication between two or more host machines
- Host machines are any devices communicating or attempting or willing to
- host machines include laptops, personal computers, smartphones, tablet computers, smartwatches, smart apparel, and other Internet-of-things devices.
- host machines include laptops, personal computers, smartphones, tablet computers, smartwatches, smart apparel, and other Internet-of-things devices.
- the communications can be generalized to communications between additional hosts, using techniques known in the art, such as making communications broadcast or multicast rather than unicast, or running multiple instances of the described communication protocols.
- a host H is described as communicating not only with other hosts, but also with a "device” that performs cryptographic operations for host H.
- a device is said to serve, and be associated with, that particular host. It is to be understood that these "devices" may be separate from, embedded in, or part of, the host machines they serve. For example, a device serving host H may plug into a port, such as a USB port, on host H.
- a device serving host H may be embedded into, and share a processor with, host H. There may be no physical, or hardware, separation between a host machine and its associated device.
- a device serving host H may just be a process, thread, procedure, routine, subroutine, function, etc. running on host H.
- Devices may also be shared between hosts, and there may be a "device service" for performing the required cryptographic operations for multiple hosts.
- embodiments of the invention are related to a system for generating symmetric cryptographic keys for communications between hosts.
- Hosts use associated devices to generate secret keys.
- Each key is generated based on a static seed and a dynamic seed.
- the dynamic seed is created from sensor data or auxiliary data.
- the secret key allows host machines to encrypt, or decrypt, plaintext messages sent to, or received from, other host machines.
- Each device can access a set of static secrets, one secret for each device, or group of devices, in a set of devices.
- Each of these "static seeds” is a constant or slowly changing value.
- Devices may store static seeds in an electronic memory, such as nonvolatile flash memory or a protected Trusted Platform Module (TPM) memory segment.
- TPM Trusted Platform Module
- devices may not store static seeds in electronic memory, for example by storing them on tape or not storing them at all.
- a device may use a sensor to read the desired static seed whenever needed.
- a static seed may be encoded as the temperature in a climate-controlled building.
- a device need not store this static seed in memory, for it can always access the desired value by using a thermometer to read the temperature.
- a set of devices contains only two devices, called A and B, with Device A serving Host A and Device B serving Host B.
- Device A may have access to two static seeds, one called SA B , used for communicating with Device B, and another called SAA, used for communicating with itself (i.e., for encrypting "data at rest", which remains on Host A).
- Device B may also have access to two static seeds, one being the same SA B accessible to Device A and the other being S BB (where S BB is used for Device B to communicate with itself, i.e., to encrypt data for Host B that will remain on Host B).
- a device capable of communicating with the n-1 other devices in its set of devices may have access to n static seeds, each indexed by the ID of the device that can access that same static seed.
- Static seeds serve several purposes.
- One purpose of static seeds is to avoid the problems with techniques based on the "principle of reciprocity", in which attackers may obtain secret keys by sensing the same data as the communicators.
- Another purpose of static seeds is to guarantee that generated keys are based on sufficient entropy, to prevent brute-force attacks in which all possible keys are tried. Regardless of how much entropy exists in dynamic seeds, the static seeds can be made to contribute arbitrary and sufficient entropy to the generated key.
- Static-seed entropy may, for example, be produced with a Cryptographically Secure Pseudo- Random Number Generator (CSPRNG) and encoded on devices at time of manufacture.
- CSPRNG Cryptographically Secure Pseudo- Random Number Generator
- static seeds may be agreed upon through traditional techniques, including existing key generation and key-exchange protocols. Static seeds may occasionally be updated through similar means, for example when devices are added to, or removed from, a set of devices.
- Dynamic seeds are a means for contributing entropy or freshness to generated keys based on values that change more rapidly than static seeds but are nonetheless accessible to all the devices participating in a communication. While static seeds are constant, or slowly changing, and therefore may be reused through multiple key generations, dynamic seeds change more quickly, and each key generation is based on a fresh, or refreshed, dynamic seed.
- every generation of a new symmetric key for communication between Hosts A and B may be based on the same static seed SA B but different dynamic seeds. That is, if Device A is generating a new key to enable Host A to communicate with Host B, Device A may base the new key on (1) the same static seed SA B it has used in the past to generate keys for communications between Hosts A and B, and (2) a fresh dynamic seed, for example the current time.
- Devices are capable of forming dynamic seeds from one or more sensed signals or auxiliary data.
- sensed signals that may be used to form a dynamic seed include the current time, a pseudorandom number such as a nonce (which is typically computed based in part on the sensed time), location, temperature, acceleration, brightness, or ambient noise.
- auxiliary data on which dynamic seeds may depend include (1) timestamps encoding times in the past or future, for example to encode the time at which another device generated a key in the past, or to encode a time at which a key should expire in the future; (2) geographic ranges, for example to encode the maximum range over which a key should be accessible; or (3) sensor- channel characteristics, for example to encode a particular channel into which a device must tune its sensors, in order to obtain the correct sensed signals for the dynamic seed.
- the illustrative communication protocols will further clarify the use of auxiliary data for generating keys.
- Devices A and B may both be located near each other, on the same floor of a building lacking climate controls.
- Devices A and B may sense and use the current temperature as a dynamic seed.
- a dynamic seed can only be reliably obtained by devices that (1) are in the immediate geographic area of Devices A and B, and (2) read the temperature at about the same time as Devices A and B read the temperature.
- this dynamic seed is geographically and temporally limited.
- Temporally, the dynamic seed "expires" when the temperature changes, because reading the current temperature is not a perfectly reliable indicator of past (or future) temperatures.
- keys are generated based on such geographically and temporally limited dynamic seeds, the keys themselves are geographically and temporally limited.
- temperature sensing is only provided as an illustrative example of dynamic-seed agreement between devices. Other phenomena, natural or artificial, may produce signals that devices entering communication may read and use as dynamic seeds for the keygen process.
- Basing secret keys on dynamic seeds serves several purposes, including prevention of replay attacks (dynamic seeds ensure that generated keys change) and ensuring forward secrecy of communications (obtaining one secret key does not leak other secret keys).
- FIG. 1 illustrates a flow diagram for generating cryptographic keys based on static and dynamic seeds. It may be desirable to implement the keygen function, which receives static seeds and dynamic seeds as inputs and then outputs a secret key, as a cryptographic hash function with high avalanche effect, such as SHA-3, to ensure that entirely new keys are generated even when static seeds do not change.
- the keygen function which receives static seeds and dynamic seeds as inputs and then outputs a secret key, as a cryptographic hash function with high avalanche effect, such as SHA-3, to ensure that entirely new keys are generated even when static seeds do not change.
- Encryption and decryption operations described in the illustrative protocols may be performed using any known symmetric-key ciphers, including for example AES or one-time pads. It will be understood and appreciated by those skilled in the art of cryptography that the present invention enables implementation of one-time pads, as a new secret key (of length equal to the message being transmitted) may be generated for each message transmitted between hosts.
- the encryption of a message M using key K is written ⁇ M ⁇ K .
- Additional elements may be added to the protocols shown, to implement additional features. For example, communications could occur between more than two hosts using techniques known in the art for generalizing two-host communications to n-host
- communications including using seeds or keys agreed upon, or sensed, by more than two hosts, transmitting messages in a broadcast or multicast manner, or concurrently running multiple instances of the protocols.
- additional timestamps or nonces may be added to the messages shown in the protocols, to provide additional protections against replay attacks.
- message authentication codes may be added to the messages shown in the protocols, to provide additional guarantees of authenticity and integrity.
- messages may be sent on top of existing protocols, such as IP, UDP, TCP, HTTP, TLS, HTTPS, etc.
- auxiliary data X seen in Figures 2-7, may be removed from the protocols shown, for those embodiments in which devices participating in the communication can form dynamic seeds without access to the auxiliary data.
- the illustrative communication protocols include auxiliary data, it should be understood that auxiliary data is an optional element of the communication protocols, included for embodiments in which one or more devices need the auxiliary data to form the correct dynamic seed.
- the protocols include a host machine transmitting, to its associated device, a message containing a host or device identifier; such message transmission represents data flowing from the host to its associated device.
- a "message” "transmitted” from H to D and “received” by D may not be a message sent over a network or through a communication port, but instead may be initialization parameters, function arguments, or any other data flow from H to D.
- messages simply indicate a flow of data.
- Host A sends Device A an identifier B, referring to Host B or its associated device, to indicate an intent to communicate with Host B.
- the dynamic seed D may depend on auxiliary data X unknown and not immediately accessible to Device B, possibly in addition to signals that Devices A and B can sense.
- Device A may identify particular auxiliary data X, such as a fresh timestamp obtained on Device A and therefore unknown and not immediately accessible to Device B, to use for the current communication's dynamic seed D.
- this auxiliary data X is carried through the communications in the protocol, ultimately arriving at Device B and enabling Device B to use the same data X to generate its local copy of the same dynamic seed D.
- Host B sends ⁇ A,X ⁇ Sab to Device B .
- (b) finds KA B using static seed SA B and the dynamic seed D.
- Dynamic seed D may be obtained from the auxiliary data X and any additional data accessible to, or capable of being sensed by, Device B. Given the static and dynamic seeds, Device B uses the process shown in Figure 1 to obtain KA B.
- Host B has KA B and can use it to obtain the plaintext M from the second ciphertext received from Host A (i.e., ⁇ M ⁇ KAB )-
- a device or host receives an undefined input, including, for example, a reused timestamp in auxiliary data X, then that device or host may signal an error.
- Hosts and devices following this protocol may destructively delete keys and keygen data, such as dynamic seeds, immediately after use. Future communications may use freshly generated keys.
- the second example communication protocol shown in Figure 3 is a variation of the first protocol shown in Figure 2.
- the second protocol adds message authentication codes (MACs) to communications.
- a MAC of data T generated with key K is notated MAC(T) K .
- MACs provide standard benefits of ensuring authenticity and integrity of messages.
- the second example communication protocol has Device A generating the MAC of (A,X) using secret key KA B -
- This MAC gets transmitted from Device A to Host A, Host A to Host B, and Host B to Device B, and serves an important additional purpose, beyond the standard purpose of MACs to provide message authenticity and integrity.
- the additional purpose is to enable Device B to uniquely determine KA B , for those embodiments in which multiple candidate secret keys exist.
- Device B after obtaining static seed SA B and using SA B to decrypt the message received from Host B to obtain auxiliary data X, may find that multiple candidate dynamic seeds D exist, even for the provided auxiliary data X. For example, due to signal noise, Device B may not be able to obtain dynamic seed D with certainty, instead only obtaining a set of candidate dynamic seeds. In such a case, Device B can use the MAC(A,X) Kab it obtained by decrypting the message received from Host B with static seed SA B , to find the correct dynamic seed D.
- Device B searches the candidate dynamic seeds to find the unique dynamic seed D such that, when input with static seed SA B into the keygen function (shown in Figure 1), the output key KA B produces a MAC of (A,X) equal to the MAC(A,X) Kab obtained by decrypting the message from Host B.
- the third example communication protocol is another variation of the first protocol shown in Figure 2.
- the third protocol illustrates Host A determining and sending auxiliary data X to Device A, rather than Device A determining the auxiliary data on its own.
- This variation illustrated in Figure 4 is useful for embodiments in which the host machine, or its user, determines desired characteristics of dynamic seeds (and the resulting secret keys). For example, a user of Host A may wish to establish a secure communication channel based on a key only obtainable for the next hour.
- the one-hour expiration time constitutes auxiliary data X, which Device A may use to determine the dynamic seed on which to base the secret key KA B - Device A may, for example, base dynamic seed D on sensed data known to fluctuate little over the next hour, known to be unpredictable after an hour, and known to be capable of being sensed by Device B (assuming Device B has the same auxiliary-data parameter X).
- auxiliary data X may encode geographic restrictions on the availability of dynamic seeds (and the resulting secret keys).
- the first three communication protocols are distinguished from the second three communication protocols, shown in Figures 5-7, in that devices in the first three protocols never access plaintext messages M.
- the devices in the first three communication protocols provide a keygen service to hosts, while the devices in the second three communication protocols provide a keygen and encryption/decryption service to hosts.
- the only substantial differences between the protocols shown in Figures 2-4, and those shown in Figures 5-7, is that the protocols shown in Figures 5-7 have Host A also sending Device A the plaintext M, which Device A encrypts for Host A, and the converse operations occur between Host and Device B.
- Protocols 1-3 shown in Figures 2-4, over Protocols 4-6, shown in Figures 5-7, are that some users may be skeptical that devices will properly safeguard their plaintexts. Such users may be more comfortable with devices never having access to plaintexts.
- host machines e.g., chips inside mobile phones
- the host machines include the associated devices and must already be trusted (because the hosts could leak plaintexts even without the embedded, associated devices). Therefore, in such cases, any advantage of Protocols 1-3 over Protocols 4-6 is diminished or removed.
- Protocols 4-6 The primary advantage of Protocols 4-6 over Protocols 1-3 is that all keys remain inside, and under the control of, the devices. That is, hosts in Communication Protocols 4-6 never have access to the secret key KAB (nor other inputs to the keygen function, such as static and dynamic seeds). This extra control of keys in Protocols 4-6 prevents host machines from misusing or performing dangerous operations on seeds or secret keys, such as archiving them or allowing untrusted parties to access them.
- KAB secret key
- This extra control of keys in Protocols 4-6 prevents host machines from misusing or performing dangerous operations on seeds or secret keys, such as archiving them or allowing untrusted parties to access them.
- the system architectures having just been disclosed have several desirable properties. The system architectures:
- the message sender uses Device A to generate a secret key, without communicating with Host or Device B.
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Power Engineering (AREA)
- Mobile Radio Communication Systems (AREA)
- Computer And Data Communications (AREA)
Abstract
Un système permettant de générer des clés cryptographiques symétriques pour la communication entre des hôtes. Les hôtes utilisent des dispositifs associés pour générer les clés secrètes. Chaque clé est générée sur la base d'une graine statique et d'une graine dynamique. La graine dynamique est créée à partir des données d'un capteur ou de données externes. La clé secrète permet aux machines hôtes de chiffrer ou de déchiffrer des messages textuels envoyés ou reçus par les autres machines hôtes.
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US201762529715P | 2017-07-07 | 2017-07-07 | |
US62/529,715 | 2017-07-07 |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2019010421A1 true WO2019010421A1 (fr) | 2019-01-10 |
Family
ID=64902936
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/US2018/041098 WO2019010421A1 (fr) | 2017-07-07 | 2018-07-06 | Systèmes et procédés de génération de clés cryptographiques symmétriques |
Country Status (2)
Country | Link |
---|---|
US (2) | US10291403B2 (fr) |
WO (1) | WO2019010421A1 (fr) |
Cited By (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN109981264A (zh) * | 2019-03-11 | 2019-07-05 | 北京纬百科技有限公司 | 一种应用密钥生成方法及密码机设备组件 |
CN111131270A (zh) * | 2019-12-27 | 2020-05-08 | 五八有限公司 | 数据加密和解密方法、装置、电子设备及存储介质 |
WO2022021005A1 (fr) * | 2020-07-27 | 2022-02-03 | 中国科学院重庆绿色智能技术研究院 | Procédé de chiffrement et de déchiffrement symétrique basé sur une complexité exponentielle |
Families Citing this family (8)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP2020167509A (ja) * | 2019-03-29 | 2020-10-08 | コベルコ建機株式会社 | 情報処理システム、情報処理方法、およびプログラム |
US11405203B2 (en) | 2020-02-17 | 2022-08-02 | Eclypses, Inc. | System and method for securely transferring data using generated encryption keys |
KR102244290B1 (ko) * | 2020-12-21 | 2021-04-26 | 주식회사 퓨쳐텍정보통신 | 데이터 전송 장치와 데이터 수신 장치 간의 보안 통신을 지원하는 암호화 통신 장치 및 그 동작 방법 |
CN112865969A (zh) * | 2021-02-07 | 2021-05-28 | 广东工业大学 | 一种数据加密卡的加密方法及装置 |
US11522707B2 (en) | 2021-03-05 | 2022-12-06 | Eclypses, Inc. | System and method for detecting compromised devices |
US11720693B2 (en) | 2021-03-05 | 2023-08-08 | Eclypses, Inc. | System and method for securely transferring data |
US11930441B2 (en) * | 2021-06-14 | 2024-03-12 | Capital One Services, Llc | Event-based modification of personal device settings |
CN114024724B (zh) * | 2021-10-25 | 2023-06-13 | 四川启睿克科技有限公司 | 一种基于物联网的对称密钥动态生成方法 |
Citations (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20060256961A1 (en) * | 1999-05-04 | 2006-11-16 | Rsa Security Inc. | System and method for authentication seed distribution |
US20110126005A1 (en) * | 2009-11-24 | 2011-05-26 | Microsoft Corporation | Dynamic configuration of connectors for system-level communications |
US20110307699A1 (en) * | 2009-03-25 | 2011-12-15 | Pacid Technologies, Llc | Token for securing communication |
US20130014227A1 (en) * | 1998-10-30 | 2013-01-10 | Virnetx, Inc. | System and method employing an agile network protocol for secure communications using secure domain names |
US20160117262A1 (en) * | 2014-10-23 | 2016-04-28 | Microsoft Corporation | Hybrid Cryptographic Key Derivation |
US20170063535A1 (en) * | 2015-04-20 | 2017-03-02 | Certicom Corp. | Generating Cryptographic Function Parameters From a Puzzle |
US20170195298A1 (en) * | 2014-05-29 | 2017-07-06 | Entersekt International Limited | Method and System for Determining a Compromise Risk Associated with a Unique Device Identifier |
Family Cites Families (46)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
EP0951767A2 (fr) * | 1997-01-03 | 1999-10-27 | Fortress Technologies, Inc. | Dispositif de securite ameliore pour reseaux |
US7032240B1 (en) * | 1999-12-07 | 2006-04-18 | Pace Anti-Piracy, Inc. | Portable authorization device for authorizing use of protected information and associated method |
US7278017B2 (en) * | 2000-06-07 | 2007-10-02 | Anoto Ab | Method and device for secure wireless transmission of information |
US20090245516A1 (en) * | 2008-02-26 | 2009-10-01 | Pasupuleti Sureshbabu Ravikiran | Method and system for high entropy encryption using an unpredictable seed based on user regisration time |
US6871192B2 (en) * | 2001-12-20 | 2005-03-22 | Pace Anti-Piracy | System and method for preventing unauthorized use of protected software utilizing a portable security device |
US7509494B2 (en) * | 2002-03-01 | 2009-03-24 | Masimo Corporation | Interface cable |
JP2005130028A (ja) * | 2003-10-21 | 2005-05-19 | Yazaki Corp | 暗号キー並びにこれを用いた暗号化装置及び復号化装置 |
US7813503B2 (en) * | 2006-09-13 | 2010-10-12 | Pitney Bowes Inc. | Method and system for generation of cryptographic keys for use in cryptographic systems |
US9111122B2 (en) | 2007-07-02 | 2015-08-18 | Freescale Semiconductor, Inc. | Asymmetric cryptographic device with local private key generation and method therefor |
JP5248153B2 (ja) * | 2008-03-14 | 2013-07-31 | 株式会社東芝 | 情報処理装置、方法及びプログラム |
WO2011089143A1 (fr) | 2010-01-20 | 2011-07-28 | Intrinsic Id B.V. | Dispositif et procédé d'obtention d'une clé cryptographique |
US8429407B2 (en) * | 2010-05-26 | 2013-04-23 | Apple Inc. | Digital handshake between devices |
US8966289B2 (en) * | 2010-12-17 | 2015-02-24 | Nxp B.V. | Pairing of angle sensor and electronic control unit |
US8526606B2 (en) * | 2010-12-20 | 2013-09-03 | GM Global Technology Operations LLC | On-demand secure key generation in a vehicle-to-vehicle communication network |
US8817984B2 (en) | 2011-02-03 | 2014-08-26 | mSignia, Inc. | Cryptographic security functions based on anticipated changes in dynamic minutiae |
US20130042112A1 (en) * | 2011-02-12 | 2013-02-14 | CertiVox Ltd. | Use of non-interactive identity based key agreement derived secret keys with authenticated encryption |
US9134378B2 (en) * | 2011-03-14 | 2015-09-15 | Synopsys, Inc. | Linear decompressor with two-step dynamic encoding |
KR101860440B1 (ko) * | 2011-07-01 | 2018-05-24 | 삼성전자주식회사 | 기기 간 통신 시스템에서 멀티캐스트 데이터 암호화 키 관리 방법, 장치 그리고 시스템 |
KR101954215B1 (ko) | 2011-07-12 | 2019-06-07 | 삼성전자주식회사 | 비휘발성 저장 장치의 이용 방법 및 장치 |
US9172529B2 (en) * | 2011-09-16 | 2015-10-27 | Certicom Corp. | Hybrid encryption schemes |
JP5275432B2 (ja) * | 2011-11-11 | 2013-08-28 | 株式会社東芝 | ストレージメディア、ホスト装置、メモリ装置、及びシステム |
JP5973224B2 (ja) * | 2012-05-10 | 2016-08-23 | 株式会社東海理化電機製作所 | 電子キー登録方法 |
KR20130140948A (ko) * | 2012-05-17 | 2013-12-26 | 삼성전자주식회사 | 저장 장치의 식별자에 기반한 컨텐츠의 암복호화 장치 및 방법 |
KR101959738B1 (ko) * | 2012-05-24 | 2019-03-19 | 삼성전자 주식회사 | 장치 식별자와 사용자 인증 정보에 기반한 보안 키 생성 장치 |
US8726024B2 (en) * | 2012-06-14 | 2014-05-13 | Kabushiki Kaisha Toshiba | Authentication method |
US8650398B2 (en) * | 2012-06-14 | 2014-02-11 | Kabushiki Kaisha Toshiba | Device authentication using restricted memory |
US8762717B2 (en) * | 2012-06-15 | 2014-06-24 | Kabushiki Kaisha Toshiba | Authentication device |
US9323950B2 (en) | 2012-07-19 | 2016-04-26 | Atmel Corporation | Generating signatures using a secure device |
US8885827B2 (en) | 2012-10-16 | 2014-11-11 | Cambridge Silicon Radio Limited | System and method for enabling a host device to securely connect to a peripheral device |
WO2014132664A1 (fr) * | 2013-02-28 | 2014-09-04 | パナソニック株式会社 | Système d'authentification, support d'enregistrement non volatil, ordinateur hôte et procédé d'authentification |
EP2775656A1 (fr) * | 2013-03-04 | 2014-09-10 | Thomson Licensing | Dispositif pour produire une clé cryptée et procédé destiné à fournir une clé cryptée à un récepteur |
US9350550B2 (en) * | 2013-09-10 | 2016-05-24 | M2M And Iot Technologies, Llc | Power management and security for wireless modules in “machine-to-machine” communications |
JP6237363B2 (ja) * | 2014-03-14 | 2017-11-29 | ソニー株式会社 | 情報処理装置、情報処理方法及びコンピュータプログラム |
US9445264B2 (en) * | 2014-05-22 | 2016-09-13 | Pacesetter, Inc. | System and method for establishing a secured connection between an implantable medical device and an external device |
JP2017527052A (ja) * | 2014-07-09 | 2017-09-14 | リーオ インコーポレイテッド | 接続監視に基づく故障診断 |
US9374222B2 (en) * | 2014-09-02 | 2016-06-21 | Alcatel Lucent | Secure communication of data between devices |
KR102457809B1 (ko) * | 2014-09-24 | 2022-10-24 | 삼성전자주식회사 | 데이터 통신 보안을 위한 방법, 장치 및 시스템 |
US9712503B1 (en) * | 2015-03-23 | 2017-07-18 | Amazon Technologies, Inc. | Computing instance migration |
US10348704B2 (en) * | 2015-07-30 | 2019-07-09 | Helder Silvestre Paiva Figueira | Method for a dynamic perpetual encryption cryptosystem |
US10069625B2 (en) * | 2015-09-22 | 2018-09-04 | Quanta Computer Inc. | System and method for automatic key generation for self-encrypting drives |
US10097948B2 (en) | 2016-03-31 | 2018-10-09 | Intel Corporation | Point-and-connect bluetooth pairing |
EP3229437A1 (fr) * | 2016-04-07 | 2017-10-11 | Walter Steven Rosenbaum | Dispositif de communication et procédé de protection d'un système de communication contre l'application d'un code non autorisé |
US10382196B2 (en) * | 2016-04-29 | 2019-08-13 | Olympus Sky Technologies, S.A. | System and method for secure communications based on locally stored values |
US10382208B2 (en) * | 2016-04-29 | 2019-08-13 | Olympus Sky Technologies, S.A. | Secure communications using organically derived synchronized processes |
US10505909B2 (en) | 2016-12-21 | 2019-12-10 | Intel Corporation | Dual physical channel secure connection |
US10778424B2 (en) * | 2017-02-27 | 2020-09-15 | Cord3 Innovation Inc. | Symmetric cryptographic method and system and applications thereof |
-
2018
- 2018-07-06 WO PCT/US2018/041098 patent/WO2019010421A1/fr active Application Filing
- 2018-07-09 US US16/030,550 patent/US10291403B2/en active Active
- 2018-09-19 US US16/135,856 patent/US10298391B2/en active Active
Patent Citations (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20130014227A1 (en) * | 1998-10-30 | 2013-01-10 | Virnetx, Inc. | System and method employing an agile network protocol for secure communications using secure domain names |
US20060256961A1 (en) * | 1999-05-04 | 2006-11-16 | Rsa Security Inc. | System and method for authentication seed distribution |
US20110307699A1 (en) * | 2009-03-25 | 2011-12-15 | Pacid Technologies, Llc | Token for securing communication |
US20110126005A1 (en) * | 2009-11-24 | 2011-05-26 | Microsoft Corporation | Dynamic configuration of connectors for system-level communications |
US20170195298A1 (en) * | 2014-05-29 | 2017-07-06 | Entersekt International Limited | Method and System for Determining a Compromise Risk Associated with a Unique Device Identifier |
US20160117262A1 (en) * | 2014-10-23 | 2016-04-28 | Microsoft Corporation | Hybrid Cryptographic Key Derivation |
US20170063535A1 (en) * | 2015-04-20 | 2017-03-02 | Certicom Corp. | Generating Cryptographic Function Parameters From a Puzzle |
Cited By (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN109981264A (zh) * | 2019-03-11 | 2019-07-05 | 北京纬百科技有限公司 | 一种应用密钥生成方法及密码机设备组件 |
CN109981264B (zh) * | 2019-03-11 | 2020-08-04 | 北京纬百科技有限公司 | 一种应用密钥生成方法及密码机设备组件 |
CN111131270A (zh) * | 2019-12-27 | 2020-05-08 | 五八有限公司 | 数据加密和解密方法、装置、电子设备及存储介质 |
CN111131270B (zh) * | 2019-12-27 | 2021-11-16 | 五八有限公司 | 数据加密和解密方法、装置、电子设备及存储介质 |
WO2022021005A1 (fr) * | 2020-07-27 | 2022-02-03 | 中国科学院重庆绿色智能技术研究院 | Procédé de chiffrement et de déchiffrement symétrique basé sur une complexité exponentielle |
Also Published As
Publication number | Publication date |
---|---|
US20190013941A1 (en) | 2019-01-10 |
US20190036691A1 (en) | 2019-01-31 |
US10291403B2 (en) | 2019-05-14 |
US10298391B2 (en) | 2019-05-21 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US10298391B2 (en) | Systems and methods for generating symmetric cryptographic keys | |
Xiong et al. | Partially policy-hidden attribute-based broadcast encryption with secure delegation in edge computing | |
US9973334B2 (en) | Homomorphically-created symmetric key | |
US8607341B2 (en) | Method and system for preserving security of sensor data and recording medium using thereof | |
Louw et al. | A key distribution scheme using elliptic curve cryptography in wireless sensor networks | |
JP2019533384A (ja) | データ伝送方法、装置およびシステム | |
Grissa et al. | Preserving the location privacy of secondary users in cooperative spectrum sensing | |
US11870891B2 (en) | Certificateless public key encryption using pairings | |
Amalraj et al. | A survey paper on cryptography techniques | |
WO2017167771A1 (fr) | Protocoles d'établissement de liaison "handshake" pour matériau de clé basée sur l'identité et certificats | |
KR20150122513A (ko) | 암호화 장치, 암호화 방법 및 컴퓨터 판독가능 기록매체 | |
US9130744B1 (en) | Sending an encrypted key pair and a secret shared by two devices to a trusted intermediary | |
KR101516114B1 (ko) | 인증서 기반 프록시 재암호화 방법 및 이를 위한 시스템 | |
Nyangaresi et al. | Privacy preservation protocol for smart grid networks | |
US10686587B2 (en) | Method for safeguarding the information security of data transmitted via a data bus and data bus system | |
US20150134960A1 (en) | Determination of cryptographic keys | |
US11516655B2 (en) | Physical layer key generation | |
CN105024807A (zh) | 数据处理方法及系统 | |
Hasan et al. | Secure lightweight ECC-based protocol for multi-agent IoT systems | |
KR20200040248A (ko) | 매우 안전한, 데이터의 고속 암호화 및 전송을 위한 컴퓨터-구현 시스템 및 방법 | |
Niu et al. | A novel user authentication scheme with anonymity for wireless communications | |
Zegers et al. | A lightweight encryption and secure protocol for smartphone cloud | |
Jain et al. | Secure communication using RSA algorithm for network environment | |
KR20220106740A (ko) | 무인증서 인증 암호화(clae)를 사용한 검증 가능한 id 기반 암호화(vibe) 방법 및 시스템 | |
Mirtskhulava et al. | Cryptanalysis of internet of things (IoT) wireless technology |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
121 | Ep: the epo has been informed by wipo that ep was designated in this application |
Ref document number: 18828716 Country of ref document: EP Kind code of ref document: A1 |
|
NENP | Non-entry into the national phase |
Ref country code: DE |
|
122 | Ep: pct application non-entry in european phase |
Ref document number: 18828716 Country of ref document: EP Kind code of ref document: A1 |